\useunder

\ul

A Database System for State Management in Stateful Network Service Function Chains [Vision]

Zhonghao Yang Information Systems Technology and Design
Singapore University of Technology and Design
Singapore
[email protected] Shuhao Zhang School of Computer Science and Engineering
Nanyang Technological University
Singapore
[email protected]

Abstract

Network Function Virtualization (NFV) heralds a transformative era in network function deployment, enabling the orchestration of Service Function Chains (SFCs) for delivering complex and dynamic network services. Yet, the development and sustenance of stateful SFCs remain challenging, with intricate demands for usability in SFC development, performance, and execution correctness. In this paper, we present DB4NFV, a database system designed to address these challenges. Central to DB4NFV is the integration of transactional semantics into the entire lifecycle of stateful SFC, a core idea that enhances all aspects of the system. This integration provides an intuitive and well-structured API, which greatly simplifies the development of stateful SFCs. Concurrently, transactional semantics facilitate the optimization of runtime performance by efficiently leveraging modern multicore architectures. Moreover, by encapsulating state operations as transactions, DB4NFV achieves robustness, even at the entire chain level, ensuring reliable operation across varying network conditions. Consequently, DB4NFV marks a substantial forward leap in NFV state management, leveraging transactional semantics to achieve a harmonious blend of usability, efficiency, and robustness, thus facilitating the effective deployment of stateful SFCs in contemporary network infrastructures.

Index Terms:

Network Function Virtualization (NFV), State Management, Database Systems, Transactional Semantics

I Introduction

Network Function Virtualization (NFV) has brought about a paradigm shift in network architectures by transitioning from traditional, hardware-dependent networking functions to agile, software-driven Virtualized Network Functions (VNFs) [1]. Central to this shift are stateful Service Function Chains (SFCs), where the management of dynamic states across interconnected VNFs becomes a pivotal concern. The effective handling of these states is crucial as it dictates the performance, correctness, reliability, and scalability of the SFCs in response to network dynamics [2, 3, 4, 5, 6, 7]. The complexity inherent in managing stateful SFCs is further amplified by the need to meet stringent correctness demands, such as Chain-Output Equivalence (COE) [8], highlighting the intricate and multifaceted nature of state management in the evolving landscape of NFV.

Refer to caption — Figure 1: An Example of Stateful Service Function Chain with a Conceptual State Manager.

Figure 1 depicts a representative stateful SFC composed of four types of network functions: a stateful firewall, a load balancer, a trojan detector [9], and a portscan detector [10]. Each VNF operates across multiple instances for enhanced performance and reliability. In this configuration, the firewall instances manage per-flow security states, essential for identifying and mitigating malicious activities, and operate primarily on local instance memory for per-flow state access. In contrast, the load balancer, trojan detector, and portscan detector necessitate collaborative management of shared states across multiple flows. For example, a load balancer instance, upon processing a new connection request, consults and updates the shared state to route the request to the optimally loaded host.

The challenge of state management intensifies in scenarios involving network dynamics, such as scaling, load balancing, and fault tolerance, where states and traffic flows necessitate efficient redistribution or recovery among instances [8]. The integration of a conceptual state manager in this architecture abstracts data storage and concurrency control through well-defined interfaces. This abstraction enables instances to seamlessly access and manipulate state objects as needed, thereby obviating the requirement for frequent cross-instance state transfers. Such an approach not only isolates state management from VNF execution logic but also empowers developers to more effectively implement and adapt concurrency control and failure recovery strategies in response to evolving network conditions.

The concept of decoupling state management from NFV, despite being proposed in prior research [11], presents three fundamental challenges that are yet to be comprehensively addressed. Firstly, the integration of increasingly complex network functions into modern SFCs necessitates NFV platforms that offer enhanced usability to streamline the development process. Secondly, the latency sensitivity inherent in network functions calls for advanced optimization techniques to ensure optimal performance of SFCs. Thirdly, the diverse scopes and consistency requirements of network states within SFCs demand robust and unified management strategies, adaptable to the dynamic nature of network environments. While several frameworks [6, 8, 12, 13, 7, 14, 5] have endeavored to tackle these challenges, a uniform solution that simultaneously satisfies all three criteria remains elusive due to the intricate complexities involved in state management for SFCs. This gap highlights the pressing need for a state management solution that is not only flexible and scalable but also reliable, aligning with the continuous evolution and dynamic requirements of modern network infrastructures.

We introduce DB4NFV, a database system designed specifically for the nuanced requirements of state management in SFCs. Embracing the concept of decoupling state management from SFCs, DB4NFV incorporates transactional semantics into VNF state management. This integration is manifested through a suite of clear and intuitive transactional APIs, which markedly streamline the development process of stateful SFCs. DB4NFV leverages the capabilities of modern parallel processing architectures. It dynamically adjusts workload distribution and resource allocation strategies, thereby optimizing runtime performance of stateful SFCs in response to diverse traffic conditions. Additionally, DB4NFV ensures execution correctness across various scales, from individual VNFs to the entire SFC, thereby offering robust solutions for state consistency and fault tolerance, particularly in the face of network dynamism.

The contributions of this paper are manifold and interlinked with the structure of the subsequent sections:

•

We present a thorough review of the state management landscape in NFV, introducing three key challenges that are fundamental to an effective state management system, and how existing works fail to address these challenges (Section II).
•

To address the challenges, we propose DB4NFV, a database system designed specifically for NFV. The architectural nuances and key features of DB4NFV are elaborated in Section III.
•

The implementation details of DB4NFV, showcasing how its unified API is supported and integrated with existing NFV frameworks, together with some optimization details, is delineated in Section IV.
•

We provide a conceptual analysis that summarizes and compares the features of existing works with those of DB4NFV in Section V.
•

The paper concludes with a summary of our key contributions and a discussion of future work in Section VI.

II Background and Motivation

II-A SFC State Management Challenges

In the realm of stateful Service Function Chain (SFC) development, we delineate three pivotal challenges: usability, efficiency, and robustness, each crucial to our work’s foundation.

Challenge 1: Enhancing Usability in Stateful SFC Development. Usability is a key determinant in the development of stateful SFCs, where the complexity lies in encoding intricate VNF behaviors, ensuring accurate packet processing, and achieving high-performance execution under dynamic network conditions. Intuitive APIs are essential in this context, as they facilitate efficient VNF creation, management, and orchestration, enabling streamlined scaling and rapid integration of new functionalities into existing chains.

A significant aspect of usability concerns managing diverse state access scopes and execution logics across VNFs. Per-flow states, specific to individual traffic flows, are managed separately by respective instances, while cross-flow states involve shared data accessed and updated concurrently by multiple instances. Managing these concurrent state accesses, ensuring consistency and correct sequencing, is crucial for system integrity. The platform must adeptly handle the varying demands of per-flow and cross-flow states, catering to the wide array of network functions dependent on these state types.

Challenge 2: Providing Efficient SFC Execution Runtime. In stateful SFCs, ensuring data consistency and availability, particularly under variable network conditions, is crucial for effective state management [11, 8]. A common challenge arises during frequent read and update operations on cross-flow states, leading to synchronization conflicts. This issue is evident when multiple instances simultaneously modify a shared state, resulting in action blocks and downstream processing delays (as shown in Figure 2a). For example, concurrent assignments by two load balancer instances to a single server without adequate synchronization lead to high contention and packet processing delays. Implementing an efficient state-sharing mechanism is therefore essential for optimizing stateful SFC performance.

Additionally, harnessing the capabilities of parallel architectures through strategic optimization techniques is fundamental to boost the overall performance and scalability of SFCs. Techniques such as state caching and workload balancing have been proposed to optimize VNF performance by reducing redundant state accesses and balancing loads [8, 7, 13]. Nonetheless, advancing the execution of stateful SFCs requires addressing challenges that include adaptively responding to variable traffic workloads and maximizing multicore architecture utilization, all while considering the integrated structure of the SFC.

Challenge 3: Ensuring Robustness in Stateful SFC. Robustness in stateful SFCs is imperative, particularly in handling VNF failures and network dynamics. Upon a VNF failure, the system must swiftly detect and nullify all state updates from the failed instance, as shown in Figure 2b. This action restores the system to a stable state and initiates failover procedures to maintain continuous traffic processing. Crucially, the recovery process must isolate the affected VNF to prevent disruptions in packet processing, state management, or routing decisions in interconnected VNFs.

Network traffic variability further complicates robustness in SFCs. Variations in traffic can necessitate scaling, load balancing, or straggler mitigation measures, involving complex redistributions of traffic and states across instances [8, 7, 15]. For instance, an increase in network traffic might require scaling up a stateful firewall (Figure 2c), leading to redistribution of security policies and reallocation of network traffic for load balancing. Ensuring COE in such scenarios mandates careful management of state transfers and traffic allocations, ensuring no disruption to the normal functioning of other VNFs within the SFC while suppressing redundant operations.

II-B Related Works on VNF State Management

The evolution of SFC deployment has been marked by the introduction of various VNF frameworks [6, 11, 3, 12, 8, 7]. Despite these developments, concurrently addressing usability, efficiency, and robustness in state management continues to pose significant challenges.

Lack of Uniform API. Current NFV frameworks, such as LibVNF [12], OpenNF [6], and S6 [7], offer APIs for constructing stateful VNFs. LibVNF provides essential interfaces for packet handling and data transmission, enabling fine-grained state exchange control across instances through event buffers and callbacks. OpenNF and S6 elevate state access abstraction from VNF execution, offering APIs that allow instances to retrieve and update network states with strong consistency. However, these frameworks fall short in supporting atomic updates, where multiple state changes must be executed or rolled back collectively. Moreover, their APIs are confined to individual NFs and do not encompass the coordination needed among multiple VNFs within an SFC. MicroNF [3] enables the consolidation and placement of modularized components across VNFs in an SFC, yet it does not support efficient management of per-flow and cross-flow states. These limitations impose substantial coding complexities on developers, particularly in maintaining state consistency and ensuring execution correctness across stateful SFCs.

Inefficient Execution Runtime. While current NFV frameworks implement various concurrency control mechanisms to manage stateful operations, they often incur significant synchronization overhead, especially during high volumes of concurrent updates. Moreover, these frameworks generally do not fully leverage the benefits of parallel processing architectures in dynamic network environments. For instance, FlexState [13] assumes that shared states can be partitioned without synchronization, an approach that is not always feasible for VNFs with inherent state-sharing requirements. OpenNF [6] introduces a two-phase state-sharing protocol, opting for state transfer across instances for eventual consistency or broadcasting updates for strong consistency as needed. S6 [7] employs a distributed shared object model, periodically consolidating local updates into a global state. Similarly, CHC [8] analyzes traffic workloads to determine the most suitable state-sharing technique, be it partitioning, caching, or operation offloading. Despite these advancements in tailoring state-sharing strategies to network conditions, the existing solutions often rely on coarse-grained concurrency controls. This reliance results in significant locking overhead, particularly during frequent updates to shared states, thus adversely affecting the performance and scalability of stateful SFCs.

Insufficient Support for Reliability. Maintaining consistent shared states during concurrent accesses, coupled with ensuring accurate execution amidst network dynamics, presents a complex challenge. Most existing frameworks are tailored to support single NFs with specific network consistency requirements, but they fall short of addressing the broader spectrum of reliability needs in stateful SFCs. For instance, FTMB [16] and Pico Replication [14] provide failure recovery mechanisms for VNFs managing per-flow states. However, they do not adequately address the needs of VNFs dealing with shared cross-flow states. Frameworks such as OpenNF [6], S6 [7], and FlexState [13] facilitate concurrent updates to shared states, but they lack mechanisms to ensure isolated execution and failure recovery for multiple VNFs within an SFC. Although CHC guarantees execution robustness, its performance suffers from a lock-based state-sharing mechanism under highly intensive concurrent state accesses. As a result, developers utilizing these frameworks for stateful SFCs often face additional burdens to ensure COE and reliability, highlighting the need for more comprehensive solutions in this domain.

II-C The Need for a Unified Solution

The stateful SFC domain grapples with significant state management challenges, primarily due to the varied and complex requirements of network functions. A critical issue stems from the tight coupling between state management APIs and their underlying data stores, which hampers adaptability and compounds development difficulties. Moreover, the absence of a standardized approach leads to inefficiencies, as developers are required to navigate multiple state management systems for different NFV scenarios. In light of these challenges, the demand for a unified, high-performance state management system for stateful SFCs is evident. Such a system, equipped with a singular API for various state access operations, would not only streamline development processes but also enhance overall system performance through efficient resource utilization and dynamic scheduling. A unified solution would ease the integration of VNFs across diverse operational contexts and simplify adherence to diverse reliability and consistency standards.

III Key Designs

In this section, we begin by presenting the design philosophy of DB4NFV, offering an abstract perspective, followed by a detailed exploration of our system mechanisms that overcome the challenges of enhancing usability, execution efficiency, and offering a reliable execution environment.

III-A The DB4NFV Abstraction

III-A1 Design Philosophy

A key idea of DB4NFV is expressing state access operations during SFC execution as database transactions. Encapsulating atomic stateful operations into a single transaction simplifies the declaration of complex VNF dependencies. By centralizing the control of transactional state accesses, concurrent access to shared states can be efficiently executed to enhance the overall performance. Furthermore, leveraging transaction ACID properties guarantees the reliability of the chain under network dynamics or execution failures.

III-A2 Architectural Overview

Figure 3 provides an architectural overview of DB4NFV in conjunction with a standard NFV framework. DB4NFV introduces a set of user-friendly state access interfaces designed for seamless integration with existing NFV frameworks. Once initialized based on user specifications, the SFC is prepared to handle network traffic. At its core, DB4NFV features a centralized state manager responsible for overseeing network states and regulating state access requests from VNF instances, which are deployed on existing NFV frameworks.

III-A3 Execution Flow

As illustrated in Figure 3, the execution workflow of DB4NFV operates with NFV frameworks, where VNF instances process incoming packets according to per-flow logic. This entails reading packet headers, retrieving per-flow states from local memory, and determining packet forwarding paths. When VNF instances require access to cross-flow states, they forward these requests to the centralized state manager of DB4NFV. This manager organizes the requests into transactions, aligned with predefined user logic.

DB4NFV’s design ensures careful resolution of transactional dependencies prior to execution, scheduling these transactions across multiple executors for parallel processing. Each executor processes its set of transactions sequentially, effectively eliminating synchronization conflicts. Upon completion, DB4NFV relays the state access outcomes back to the VNF instances for further action, if necessary. The instances then proceed to forward the processed packets downstream, adhering to the established network topology.

TABLE I: DB4NFV API

Category	Function Name
Network Configuration	assignInputSource (IP, port, protocol)
	assignOutputTarget (IP, port, protocol)
	registerState (stateID, key, fields, access scope, consistency requirements)
VNF state access templates	addStateObject (stateID, type)
	addStateAccess (list of stateIDs, type)
	addTransaction (list of stateAccessIDs)
VNF execution logic	addVNF (list of txnIDs, normalUDFID, txnUDFID)
	setPerFlowUDF (dataHolder)
	setCrossFlowUDF (dataHolder)
VNF State access operations	getStateField (stateID, field)
	setStateField (stateID, field, value)
	abortTxn ()
Network topology	addTopoNode (vnfID, parentID, stage, parallelism)

Job job = new Job(“newSFC”); // declare a new SFC

// declare StateObjects

3job.addStateObject(“security_policy”);

4job.addStateObject(“host_load”);

5job.addStateObject(“request_history”);

6job.addStateObject(“portscan_likelihood”);

// declare StateAccesses

8job.addStateAccess(“update_policy”, “security_policy”, “W”);

9job.addStateAccess(“update_least_loaded_host”, “host_load”, “W”);

10job.addStateAccess(“evaluate_traffic”, “request_history”, “R”);

11job.addStateAccess(“record_activity”, “request_history”, “W”);

12job.addStateAccess(“check_likelihood”, “portscan_likelihood”, “R”);

13job.addStateAccess(“update_likelihood”, “portscan_likelihood”, “W”);

// declare transactions

15job.addTransaction(“lb_txn”, {“update_least_loaded_host”});

16job.addTransaction(“td_txn”, {“evaluate_traffic”, “record_activity”});

17job.addTransaction(“ps_txn”, {“check_likelihood”, “update_likelihood”});

// declare VNFs

19job.addVNF(“firewall”, fw_perFlowUDF);

20job.addVNF(“load balancer”, {“lb_txn”}, lb_perFlowUDF, lb_crossFlowUDF);

21job.addVNF(“trojan detector”, {“td_txn”}, td_perFlowUDF, td_crossFlowUDF);

22job.addVNF(“portscan detector”, {“ps_txn”}, ps_perFlowUDF, ps_crossFlowUDF);

// declare SFC topology

24job.addTopoNode(“firewall”, null, stage=1, parallelism=8);

25job.addTopoNode(“load balancer”, “firewall”, stage=2, parallelism=8);

26job.addTopoNode(“trojan detector”, “load balancer”, stage=3, parallelism=4);

27job.addTopoNode(“portscan detector”, “load balancer”, stage=3, parallelism=4);

job.start(); // Initialize SFC

Algorithm 1 Defining the example stateful SFC

1 Function IDS_Cross_Flow_UDF (dataHolder):

2requestHistory = dataHolder.getStateField(“request_history”);

3newRequest = dataHolder.getPacketData(“new_request”);

4isMalicious = securityCheck(requestHistory, newRequest);

5if isMalicious then // Raise alarm and abort txn

7 notifyHost();

8 dataHolder.abortTxn();

9else // Record new request

11 dataHolder.setStateField(“request_history”, requestHistory, newRequest);

Algorithm 2 API demonstration for defining cross-flow UDF for Trojan Detector

III-B Uniform API for Stateful SFC

To facilitate the SFC development, DB4NFV incorporates transactional semantics into stateful SFC declarations, providing users with a well-structured approach to defining complex VNF behaviors. The APIs are summarized in Table I.

III-B1 Network Configuration

Functions assignInputSource and assignOutputTarget specify the source of input packets and targets to receive processed packets for stateful SFCs. Meanwhile, Function registerState configures the schema of network states, as well as their access scopes and consistency requirements. The declared states can be further referenced during VNF logic declarations.

III-B2 State Access Operation

Function addStateObject and addStateAccess allows users to define the state access operations by referencing configured network states. These state access operations can be further encapsulated into transactions via Function addTransaction, ensuring their atomicity based on VNF requirements.

III-B3 VNF Execution Logic

Function addVNF defines VNF execution logics, including their corresponding set of transactions, and two types of user-defined functions. Function setPerFlowUDF specifies per-flow processing procedures that only access instance local memories, and Function setCrossFlowUDF specifies the cross-flow processing procedures to shared network states.

III-B4 Network Topology

DB4NFV abstracts the topology of stateful SFCs as logical directed acyclic graphs (DAGs), whose nodes represent network functions and edges signify inter-VNF traffic flow. Function addTopoNode allows users to declare the position of VNFs in the topology, as well as their level of parallelism during execution.

Example of Developing SFC with DB4NFV. To demonstrate the usability of our API, Algorithm 1 shows the definition of the example stateful SFC. After registering a new SFC job, the user declares the state objects to be visited during state access operations. For example, the stateful firewall declares access to its security policy states using addStateObject (“security_policy”). State objects can be further combined to describe state access operations using Function addStateAccess. DB4NFV supports two primary types of state access operations: (1) Read, representing a read action on a single state object, and (2) Write, representing a write action to a single state object, coupled with conditional read actions on multiple states.

Atomic state access operations are encapsulated as a transaction via Function addTransaction. For instance, the transaction of the trojan detector contains two steps: (1) reading the host request history to evaluate a new request, and (2) updating the request history if no threats are detected. These two operations should be collectively executed. The declared transactions are further assigned to their corresponding VNFs via Function addVNF, along with two UDFs encoding VNF execution procedures. Finally, the stateful SFC is constructed by adding declared VNFs as topology nodes via Function addTopoNode. The stateful firewall has no upstream node and its stage is set to 1, indicating its starting position in the chain. Meanwhile, both the trojan detector and the portscan detector specify load balancer as their common upstream node, and they have the same stage number of 3. Users can also configure the number of parallel executors to be deployed for each VNF.

To further illustrate, Algorithm 2 shows how cross-flow UDFs can be defined for a trojan detector, which detects malicious patterns in packet request sequences to host resources (E.g., SSH connection, HTTP download, FTP download, IRC connection) [9]. Upon receiving a new request, an instance first acquires the shared request history through getStateField and conducts a security check. If the overall request sequence matches the malicious pattern, the instance will report to the host and abort this transaction using abortTxn. Otherwise, the new request is updated to the state by setStateField. Lastly, users can fine-tune the detailed execution settings of the DB4NFV system using a series of system configuration functions. These functions provide the flexibility to configure workload scheduling, logging, and benchmarking parameters, ensuring a tailored and optimized system configuration tailored to specific requirements.

III-C High-Performance Runtime

Transactional semantics integration into VNF shared state management enhances the development of stateful SFCs and improves shared state management with well-defined transactional dependencies. However, mere transactional representation of state access operations is insufficient to mitigate synchronization conflicts under concurrent accesses. DB4NFV, therefore, employs multiple optimization techniques to leverage parallel architecture effectively and boost SFC performance.

Adaptive Transaction Workload Scheduling. DB4NFV identifies the fine-grained workload dependencies among state access operations before execution. These processes are performed based on stage, indicating the position of VNFs in the SFC (Section III-B4). Stage restricts the boundary for parallel execution. Transaction requests from the same stage can be processed concurrently, or they must be sequentially executed. Upon receiving state access requests, DB4NFV constructs one Task Precedence Graph (TPG) for each stage, where nodes symbolize state access operations and edges represent transactional dependencies. Dependencies are categorized as time-based (for operations accessing the same state object at different times), parametric (where one operation depends on another’s result), or logical (defining transaction boundaries). The TPG informs the allocation of workloads to parallel threads.

Once the TPG is constructed, DB4NFV allocates state access workloads to parallel threads. Given the highly dynamic and unpredictable nature of network traffic workload characteristics, DB4NFV adaptively selects the optimal task scheduling strategy from a pool of schedulers, aiming to fully optimize multicore resources and enhance overall system performance. The schedulers vary based on the graph exploration algorithms (BFS, DFS, Non-Structured), or whether to group multiple state access operations to trade off between improving scalability with fine-grained task allocation and reducing context-switching overhead. A heuristic decision model guides the selection of the optimal strategy based on multiple criteria, including the distribution of three types of dependencies, the skewness among state access operations, and an estimation of their computational complexities.

Support of VNF Modularization. DB4NFV also incorporates VNF modularization [3, 2, 17], segmenting VNF logic into discrete modules. Figure 4 illustrates applying modularization on the trojan detector and portscan detector, highlighting their common modular that can be reused to support both VNFs. During SFC declaration, DB4NFV allows users to define their VNFs in the form of collective VNF modular. Based on their functionalities and traffic dependencies, DB4NFV identifies and determines the feasibility of reusing modular components to support multiple VNFs in the chain, and generates an optimal modular placement strategy among instances. The placement strategy is determined so that different cores have minimum communications to support the collective execution of modular.

Caching of Infrequently Updated States. In scenarios where VNFs or specific network traffic patterns predominantly involve frequent Read operations on shared states with infrequent updates, DB4NFV implements a strategic caching mechanism. This approach is geared towards reducing redundant state accesses and minimizing packet processing delays. DB4NFV evaluates the ratio of Read requests against the total transaction batch. When the Read operations significantly outweigh updates, surpassing a predetermined threshold, DB4NFV enhances performance by caching these states in each thread’s local memory. This cached information is promptly synchronized with the central state upon any update to maintain consistency. In contrast, states experiencing a balanced or high ratio of updates are classified as frequently updated and are retained in the centralized datastore. Here, they are managed via DB4NFV’s transactional concurrency control mechanism, ensuring synchronized and efficient state access across the system.

TABLE II: Comparison with Existing NFV Frameworks

Stateful NFV Frameworks

Usability in Stateful

SFC Development

Efficient SFC

Execution Runtime

Robustness in

Stateful SFC

Support for

Varying

State Scopes

Support for

State Access

Atomicity

Support for

VNF

Coordination

Concurrent

State Access

Efficiency

Failure

Recovery

Efficiency

State

Migration

Efficiency

Utilization of

Multicore

Architectures

Failure

Recovery

Reliability

State

Migration

Reliability

FTMB [16]

\times

\times

\times

\times

\checkmark

\checkmark

\times

\times

\times

\times

OpenNF [6]

\checkmark

\times

\times

\times

\checkmark

\times

\times

\times

\checkmark

StatelessNF [11]

\checkmark

\times

\times

\checkmark

\checkmark

\checkmark

\times

\times

\checkmark

S6 [7]

\checkmark

\times

\times

\times

\times

\checkmark

\checkmark

\times

\checkmark

CHC [8]

\checkmark

\checkmark

\checkmark

\times

\checkmark

\checkmark

\checkmark

\checkmark

\checkmark

MicroNF [3]

\times

\times

\checkmark

\times

\times

\times

\checkmark

\times

\times

FlexState [13]

\checkmark

\times

\times

\times

\checkmark

\times

\checkmark

\times

\times

DB4NFV

\checkmark

\checkmark

\checkmark

\checkmark

\checkmark

\checkmark

\checkmark

\checkmark

\checkmark

\checkmark

\checkmark

\checkmark

\checkmark

III-D Robust State Management

Robustness in SFC execution is crucial, necessitating network states to be consistent despite execution failures or fluctuating network conditions. In DB4NFV, per-flow states, as well as states amenable to partitioning or infrequent shared access, are managed as local states within each instance’s memory for rapid access. Conversely, cross-flow states frequently accessed by multiple instances are centralized in a key-value database, with a state manager overseeing access.

Fault Tolerance Execution. DB4NFV ’s decoupled state management architecture enhances fault tolerance, effectively isolating failures within the job. To support this, DB4NFV utilizes multi-version state storage. State access executors update snapshots and transaction histories at regular intervals, laying the groundwork for quick state recovery post-failures. During operation, DB4NFV records interim results from dependency resolutions, including potential transaction aborts and parametric dependencies, where one state access hinges on another’s update. In the event of an instance failure, DB4NFV promptly identifies and halts all impacted state operations, guided by its dependency logs. It then reverts to the most recent stable state snapshot, ensuring the system’s consistency is preserved.

Robustness under Network Dynamics. The decoupled state management approach equips DB4NFV with the agility to uphold state consistency amidst diverse network conditions, while also ensuring scalability. Under regular operation, per-flow states are maintained within local memory for efficient access and modification. However, in response to dynamic network conditions necessitating state migration, these local states are temporarily shifted to the centralized database, becoming accessible shared resources for other relevant instances. For example, if a VNF is required to scale up due to a surge in network traffic, the per-flow states from existing instances are transferred to the centralized database. The state manager then reallocates these states among newly provisioned instances. Similarly, when a straggler VNF instance is detected, its local states are registered in the database and shared with a backup instance to ensure continuity. Upon completion of such migrations, the temporarily shared states are removed from the centralized database and reverted to their original locations in local memories. This method of state management fortifies the robustness of DB4NFV in handling network dynamics, seamlessly adapting to changing conditions without compromising system stability.

IV Implementation Details

This section discusses more implementation details of DB4NFV, outlined in Figure 5. It is publicly accessible¹¹1https://github.com/intellistream/MorphStream/tree/DB4NFV.

API Implementation Details. DB4NFV significantly simplifies the development of stateful SFCs through its structured client-side APIs, divided into descriptive and procedural categories. The descriptive APIs provide users the tools to define the SFC’s architecture, including state schemas, operational processes, and network topologies, utilizing functions like addStateAccess and addTransaction. On the other hand, procedural APIs concentrate on the executable aspects of VNFs, specifically targeting user-defined functions as elaborated in Section III-B3.

Integration with NFV Frameworks. Built upon a recent transactional stream processing system [18], DB4NFV features transactional state access APIs that facilitate seamless integration with various NFV frameworks. A notable integration achievement is with libVNF [12], which specializes in packet transmission and kernel-bypass optimizations. This integration uses the Java Native Interface for effective data transfer and API communication between Java and C++ environments. During runtime, VNF instances in libVNF process incoming packets and conduct per-flow operations. For cross-flow state access, these instances send transactional state access requests to DB4NFV. These requests, treated as callback functions, allow for the continuation of per-flow processing while DB4NFV handles the state access.

Data Encoding and Template Utilization. To optimize performance in managing complex transactional structures, DB4NFV adopts a byte stream encoding strategy for state access requests, focusing solely on packet-specific data to minimize processing overhead. Additionally, DB4NFV utilizes static descriptive templates to store common information, readily available to all executors. This approach of processing byte streams, where DB4NFV extracts essential packet data and transactional dependencies from these templates, leads to efficient execution of user-defined functions. Such a streamlined process eases development challenges, enabling developers to manage state access with clarity and efficiency in their data structures.

V Comparing to Existing Works

In the development of DB4NFV, we encountered a unique challenge in conducting a direct empirical comparison with existing solutions. Current state management solutions for SFCs lack a unified approach that encapsulates all the features necessary for a comprehensive evaluation. This absence of a holistic solution in the market necessitates the re-implementation of these various solutions within the DB4NFV framework to enable a meaningful comparison. Given the extensive scope of such an endeavor, coupled with the visionary nature of this paper, we have focused on presenting a conceptual analysis rather than empirical results at this stage.

To provide a clear perspective on the current state of the field and the positioning of DB4NFV, we have prepared a detailed table as shown in Table II that summarizes and compares the features of existing works with those of DB4NFV. This comparative summary underscores the unique contributions of DB4NFV and highlights its potential to address the gaps and limitations present in current NFV technologies.

Although varying scopes of network states are supported by most existing works, they either ignore or fail to provide an intuitive interface for the declaration of state access atomicity and the coordination across VNFs in the chain. In contrast, DB4NFV provides well-structured APIs to efficiently support the development of stateful SFCs. Moreover, despite existing efforts in optimizing stateful SFC execution performance, they all suffer from high synchronization overhead during concurrent state accesses and fail to optimize the usage of multicore architectures. DB4NFV eliminates contention overhead by fine-grained dependency resolution before state access execution, and adaptively adjusting its task scheduling strategies to parallel executors based on real-time traffic. It further enhances SFC scalability with various optimization techniques leveraging multicore architectures. Lastly, there exist gaps in most existing NFV frameworks in ensuring the robustness of SFC, as they lack the support for enforcing state access atomicity under failures. In response, DB4NFV guarantees atomic state access execution with transactional semantics and provides a robust SFC execution environment prone to VNF failures and network dynamics. To summarize, DB4NFV offers a uniform solution to address the challenges in stateful SFCs simultaneously.

VI Conclusion

In this paper, we introduced DB4NFV, a database system uniquely tailored for the complex requirements of managing state in stateful SFCs. By integrating transactional semantics into VNF state management, DB4NFV simplifies the development process and enhances the management of shared states. Its architecture adeptly addresses critical NFV challenges, including synchronization conflicts and efficient use of multicore architectures, thereby ensuring robust performance across dynamic network conditions and in scenarios of VNF failures. Through novel workload scheduling and fault tolerance approaches, DB4NFV markedly improves the scalability and reliability of NFV platforms. Looking to the future, DB4NFV lays a solid foundation for ongoing data-centric innovations in NFV technology. We plan to further refine state management techniques within DB4NFV and expand its adaptability to a wider range of network conditions and use cases. The promise of DB4NFV reaches beyond its current capabilities, positioning it as a catalyst for innovation and a significant contributor to the evolution of modern network infrastructures.

References

[1] R. Mijumbi, J. Serrat, J.-L. Gorricho, N. Bouten, F. De Turck, and R. Boutaba, “Network function virtualization: State-of-the-art and research challenges,” IEEE Communications surveys & tutorials, vol. 18, no. 1, pp. 236–262, 2015.
[2] A. Bremler-Barr, Y. Harchol, and D. Hay, “Openbox: A software-defined framework for developing, deploying, and managing network functions,” in Proceedings of the 2016 ACM SIGCOMM Conference, pp. 511–524, 2016.
[3] Z. Meng, J. Bi, H. Wang, C. Sun, and H. Hu, “Micronf: An efficient framework for enabling modularized service chains in nfv,” IEEE Journal on Selected Areas in Communications, vol. 37, no. 8, pp. 1851–1865, 2019.
[4] S. Palkar, C. Lan, S. Han, K. Jang, A. Panda, S. Ratnasamy, L. Rizzo, and S. Shenker, “E2: A framework for nfv applications,” in Proceedings of the 25th Symposium on Operating Systems Principles, pp. 121–136, 2015.
[5] S. Rajagopalan, D. Williams, H. Jamjoom, and A. Warfield, “Split/merge: system support for elastic execution in virtual middleboxes.,” in NSDI, vol. 13, pp. 227–240, 2013.
[6] A. Gember-Jacobson, R. Viswanathan, C. Prakash, R. Grandl, J. Khalid, S. Das, and A. Akella, “Opennf: Enabling innovation in network function control,” ACM SIGCOMM Computer Communication Review, vol. 44, no. 4, pp. 163–174, 2014.
[7] S. Woo, J. Sherry, S. Han, S. Moon, S. Ratnasamy, and S. Shenker, “Elastic scaling of stateful network functions,” in 15th $\{$ USENIX $\}$ Symposium on Networked Systems Design and Implementation ( $\{$ NSDI $\}$ 18), pp. 299–312, 2018.
[8] J. Khalid and A. Akella, “Correctness and performance for stateful chained network functions.,” in NSDI, vol. 19, pp. 26–28, 2019.
[9] L. De Carli, R. Sommer, and S. Jha, “Beyond pattern matching: A concurrency model for stateful deep packet inspection,” in Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, pp. 1378–1390, 2014.
[10] S. E. Schechter, J. Jung, and A. W. Berger, “Fast detection of scanning worm infections,” in Recent Advances in Intrusion Detection: 7th International Symposium, RAID 2004, Sophia Antipolis, France, September 15-17, 2004. Proceedings 7, pp. 59–81, Springer, 2004.
[11] M. Kaplan, A. Alsudais, E. Keller, and F. Le, “Stateless network functions: Breaking the tight coupling of state and processing,” in Symposium on Networked Systems Design and Implementation, 2017.
[12] P. Naik, A. Kanase, T. Patel, and M. Vutukuru, “Libvnf: Building virtual network functions made easy,” in Proceedings of the ACM Symposium on Cloud Computing, SoCC ’18, (New York, NY, USA), p. 212–224, Association for Computing Machinery, 2018.
[13] M. Pozza, A. Rao, D. F. Lugones, and S. Tarkoma, “Flexstate: Flexible state management of network functions,” IEEE Access, vol. 9, pp. 46837–46850, 2021.
[14] S. Rajagopalan, D. Williams, and H. Jamjoom, “Pico replication: A high availability framework for middleboxes,” in Proceedings of the 4th annual Symposium on Cloud Computing, pp. 1–15, 2013.
[15] F. B. Carvalho, R. A. Ferreira, Í. Cunha, M. A. Vieira, and M. K. Ramanathan, “Dyssect: Dynamic scaling of stateful network functions,” in IEEE INFOCOM 2022-IEEE Conference on Computer Communications, pp. 1529–1538, IEEE, 2022.
[16] J. Sherry, P. X. Gao, S. Basu, A. Panda, A. Krishnamurthy, C. Maciocco, M. Manesh, J. Martins, S. Ratnasamy, L. Rizzo, et al., “Rollback-recovery for middleboxes,” in Proceedings of the 2015 ACM Conference on Special Interest Group on Data Communication, pp. 227–240, 2015.
[17] E. Kohler, R. Morris, B. Chen, J. Jannotti, and M. F. Kaashoek, “The click modular router,” ACM Transactions on Computer Systems (TOCS), vol. 18, no. 3, pp. 263–297, 2000.
[18] Y. Mao, J. Zhao, S. Zhang, H. Liu, and V. Markl, “Morphstream: Adaptive scheduling for scalable transactional stream processing on multicores,” Proc. ACM Manag. Data, vol. 1, may 2023.